Add description sanitization to Budget::Phase with model specs

app/models/budget/phase.rb

@@ -14,6 +14,9 @@ class Budget
     validates :description, length: { maximum: DESCRIPTION_MAX_LENGTH }
     validate :dates_range_valid?
 
+    before_validation :sanitize_description
+
+
     scope :enabled,           -> { where(enabled: true) }
     scope :drafting,          -> { find_by_kind('drafting') }
     scope :accepting,         -> { find_by_kind('accepting')}
@@ -39,5 +42,9 @@ class Budget
       end
     end
 
+
+    def sanitize_description
+      self.description = WYSIWYGSanitizer.new.sanitize(description)
+    end
   end
 end

spec/models/budget/phase_spec.rb

@@ -77,4 +77,12 @@ describe Budget::Phase do
       end
     end
   end
+
+  describe "#sanitize_description" do
+    it "removes html entities from the description" do
+      expect{
+        first_phase.update_attributes(description: "<a>a</p> <javascript>javascript</javascript>")
+      }.to change{ first_phase.description }.to('a javascript')
+    end
+  end
 end